Skip to content

Does Your MSP have Cyber Insurance?

Lantech May 18, 2023 1:43:43 PM

OA question: Would you drive your car without insurance?

We sincerely hope your reaction was a definite no.  After all, it’s a legal requirement to have cover, and on the roads, you’re never quite sure what risks you’ll face.

So here’s a second question. Would you trust a Managed Service Provider who didn’t have cyber insurance cover? 
Was that harder to answer? 𝐈𝐭 𝐬𝐡𝐨𝐮𝐥𝐝𝐧’𝐭 𝐡𝐚𝐯𝐞 𝐛𝐞𝐞𝐧. Not with the increasing prevalence of cyber threats, which can come from all sorts of angles and inflict irreparable damage on your business and your reputation.

Here’s another factor to think about. If a hacker wants to maximise damage or extort more ransomware payments, who better to target than an #MSP who looks after and has access to the systems of numerous businesses?

𝐃𝐨𝐧’𝐭 𝐚𝐬𝐬𝐮𝐦𝐞 𝐲𝐨𝐮’𝐫𝐞 𝐜𝐨𝐯𝐞𝐫𝐞𝐝

That’s something we’re well aware of and our insurance is squeaky clean, but with threats increasing, premiums rise. When we started talking about this issue with fellow MSPs, we discovered some don’t have the right cover, some don’t have enough and some, worryingly, don’t have any at all.

While that might appear to be their problem, it’s an issue for their clients too. What happens to you if they’re attacked? Would your insurance cover your losses? Is your business continuity guaranteed?
Don’t get us wrong. Insurance doesn’t magically prevent cyber attacks from happening – just as insuring your vehicle doesn’t take every careless driver off the road. But it’s part of the defence strategy. What’s more, the savvy MSP who puts in place robust, accredited cyber-security measures will probably be able to find insurance policies for a more manageable premium. Insurance is a key part of a belt-and-braces approach.

𝐀 𝐬𝐢𝐦𝐩𝐥𝐞 𝐪𝐮𝐞𝐬𝐭𝐢𝐨𝐧 𝐚𝐛𝐨𝐮𝐭 𝐚 𝐜𝐨𝐦𝐩𝐥𝐞𝐱 𝐬𝐮𝐛𝐣𝐞𝐜𝐭

Now, the details of cybersecurity insurance can be confusing. There are complications about who is covered: just the policy-holder, or third parties too – a particularly important consideration for MSPs looking after their clients’ IT ecosystems. Then some policies cover certain types of risk only, such as data breaches. Don’t get too hung up on this right now. The first thing you need to ascertain is whether your MSP is putting you at risk by not having cyber insurance.
Ask that first question. Decide whether the response is convincing and complete or just a bit of waffle they hope will reassure.

If it’s the latter, are you still happy to be motoring along with them?